When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Irish Data Protection Commission fines Meta over $264 million for 2018 Facebook data breach

Neowin · with 0 comments

Meta

The Irish Data Protection Commission (DPC) has fined Meta €251 Million (over $264 million) following a 2018 data breach that exposed data of over 50 million user accounts. The Irish DPC, which was Meta's primary EU privacy regulator, issued the fine after concluding its investigation. In 2018, hackers exploited a bug in Facebook's code, stealing access tokens—digital keys that allow users to stay logged in—giving them control over affected accounts.

The incident occurred because of a flaw in Facebook's "View As" feature, which allowed users to see how their profiles appeared to others. Hackers used this feature to steal digital tokens, jump from one account to another, and gained access to private information of millions of Facebook users. When Facebook acknowledged this issue, it estimated 50 million accounts were impacted. However, upon investigation, the number was revealed to be closer to 29 million, with around 3 million in Europe alone.

Reportedly, the private information that was exposed included users' full names, email addresses, phone numbers, locations, places of work, dates of birth, religion, gender, posts on timelines, groups of which the user was a member, friends, and children's data. The decision to impose over $264 million fine on Meta was made by the Commissioners for Data Protection, Dr. Des Hogan and Dale Sunderland. The Irish DPC, acting under the EU’s strict privacy law—the General Data Protection Regulation (GDPR)—found multiple violations. Meta’s European headquarters in Dublin makes Ireland the lead authority on such matters.

DPC Deputy Commissioner Graham Doyle commented, "Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorized exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data."

Meta responded to the ruling, stating that they would exercise their option to appeal the decision. "This incident is from 2018. We took immediate steps to fix the problem and informed those affected as well as relevant regulators," Meta said in a statement.

Source: Irish Data Protection Commission

Report a problem with article
Galaxy Z Fold6
Next Article

Report: Samsung considering Apple Pencil technology for Galaxy Z Fold7's S-Pen

Call of Duty Ghosts
Previous Article

More classic Call of Duty PC games hit Microsoft Store, hinting at Game Pass launch

Join the conversation!

Login or Sign Up to read and post a comment.

0 Comments - Add comment